SSL Authentication in Mongrel

I am working on a project and I need to get the value stored in the
(SSL_CLIENT_S_DN_CN). We have been doing PKI authentication for
some time in PHP by getting the value of
Now that I am trying some stuff in Rails I can't seem to get
I try to do what you do above and I get a "Bad Request" when I have
SSLUserName SSL_CLIENT_S_DN_CN in the httpd-ssl.conf file. I am able
to get up and running when I comment it out.

Here is my config:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 28800
SSLMutex "file:/var/run/ssl_mutex"
<VirtualHost *:443>
<Proxy balancer://mongrel_cluster>
# General setup for the virtual host
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
RequestHeader set X_FORWARDED_PROTO 'https'
ProxyPass / balancer://mongrel_cluster/
ProxyPassReverse / balancer://mongrel_cluster/
ProxyPreserveHost ON
#Rewrite the REMOTE_USER env variable into the request header
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader add X-FORWARDED-User %{RU}e
SSLEngine on
SSLCertificateFile "/usr/local/etc/apache22/ssl/luther.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/apache22/ssl/chain.crt"
SSLCACertificatePath "/usr/local/etc/apache22/ssl.crt"
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData

And in a controller I am just doing:
<p><%= request.env['SSL_CLIENT_S_DN_CN'] %></p>
also tried
<%= request.env['HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'] %>

All I get is blank.

Any advice would be MUCH appreciated

As a "quick and nasty, see what the hell is happening" thing, I would
put the following in your view:

<%= session.to_yaml -%>

That way you can see what the session actually contains and debug from there.


Fantastic! ... I did that and was able to see that I was calling it

I was <%= request.env['HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'] %>

and all I needed was <%=

This is great news, thanks for all your help.
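
Added example (not part of the thread or anyone's posted code): how a header added by the Apache config above, such as X-FORWARDED-User, is named in the Ruby request environment, and a hypothetical helper that accepts it only from a trusted proxy. The helper names, the loopback proxy address and the sample values are assumptions.

```ruby
# Added example, not code from the thread. Helper names are hypothetical.

# CGI/Rack convention (RFC 3875): a request header reaches the app as
# "HTTP_" + the upper-cased header name with "-" replaced by "_".
# Apache's own SSL_* variables are not request headers, so they are not
# proxied to the backend unless copied into a header first.
def rack_env_key(header_name)
  "HTTP_" + header_name.upcase.tr("-", "_")
end

# Assumption: Apache and Mongrel share a host, so only loopback is trusted.
TRUSTED_PROXIES = ["127.0.0.1"].freeze

# Returns the identity forwarded by the proxy, or nil when it is absent or
# the request did not arrive through a trusted proxy.
def forwarded_user(env, header = "X-FORWARDED-User")
  return nil unless TRUSTED_PROXIES.include?(env["REMOTE_ADDR"])
  value = env[rack_env_key(header)].to_s.strip
  # mod_headers writes the literal "(null)" when the env variable is unset.
  return nil if value.empty? || value == "(null)"
  value
end

# Constructed sample of the env hash for one proxied request.
SAMPLE_ENV = {
  "REMOTE_ADDR"           => "127.0.0.1",
  "HTTP_X_FORWARDED_USER" => "Jane Example" # constructed CN
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts rack_env_key("X-FORWARDED-User")          # key the app has to look up
  puts forwarded_user(SAMPLE_ENV).inspect        # value from the trusted proxy
  puts SAMPLE_ENV["SSL_CLIENT_S_DN_CN"].inspect  # Apache env var, never proxied
end
```

The config uses `RequestHeader add`, which keeps any header of the same name already present in the request; `RequestHeader set` replaces it, so the backend only ever sees the value Apache derived from the verified certificate.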

Good! :slight_smile:

That is a bit of a hackish way to do it though (putting it in the
view). A better solution is making an around filter and then
requesting it.

Like here: